AUTHOR: Gerard Beekmans DATE: 2003-10-09 LICENSE: BSD SYNOPSIS: Integrating SpamAssassin and Razor into Postfix DESCRIPTION: Spamassassing and Razor are great spam fighting tools. To make things even better, integrate it into your SMTP server to block spam at the incoming level rather than at the user level through procmail recipies. PREREQUISITES: Postfix - http://www.postfix.org SpamAssassin - http://www.spamassassin.org Razor - http://razor.sourceforge.net HINT: The main reason for setting up SpamAssassin + Razor at linuxfromscratch.org at the SMTP level is to do a spam check before spam hits the mailinglists. If a message is determined to be spam, Postfix will reject the message. Note: this hint does not deal with installing the Spamassassin or Razor programs. Download the programs (URLs above) and read the documentation. They're not hard to setup. The Postfix distribution comes with the README_FILES/FILTER_README file you want to read through. It gives some background information on how filtering works in Postfix (which is what we will be doing). That FILTER_README file suggests you creating a dedicated filter user with no home directory or shell. This won't work for us, because spamassassin and razor need a directory to work in and write files to. I decided to call the user and group "postfixfilter". It seemed appropriate enough. Create this group and user the same way you would create any other user and group. Create the filter script that Postfix will be running for every email that comes in: cat > /home/postfixfilter/postfixfilter << "EOF" #!/bin/bash /usr/bin/spamc | /usr/sbin/sendmail -i "$@" exit $? EOF Chown and chmod that file if you didn't create it as user postfixfilter. What does it do? Postfix dumps an email to the /home/postfixfilter/postfixfilter script. We intercept it and dump it to spamc. Spamc connects to the spamd daemon and will run the spam checking tests, then pipe the rewritten email (now including the spam result headers) to sendmail for continued delivery. It then exits with whatever sendmail's return value was. So, we need to have the spamd daemon running. I added it to the postfix bootscript, using the command "spamd -d -u postfixfilter". Next, configure Postfix to start filtering. Edit the /etc/postfix/master.cf (or where ever you keep your postfix configuration files). Find the following line: smtp inet n - n - - smtpd It may look a bit different but this is the default. This is the line that tells Postfix to listen on the smtp port (25) for incoming email and have smtpd deal with it. This is the line we want to modify in order for incoming email to be filtered (checked for spam in our case) before delivery. Directly below that line, add this one: -o content_filter=postfixfilter: It would be advisable to indent it with a tab or some spaces just so it's easier to see that it belongs to the previous line. Do not forget the colon at the end of the postfixfilter. I'm not quite sure what it does, but the FILTER_README file warns to include it, so just do it. Append the following lines to the end of the master.cf file: postfixfilter unix - n n - - pipe flags=Rq user=postfixfilter argv=/home/postfixfilter/postfixfilter -f ${sender} -- ${recipient} Okay, if you did exactly what I told you to do and I didn't forget to tell you anything, then you are set to go. Reload postfix by running: postfix reload Incoming mail should now be filtered for spam by spamassassin. You can configure spamassassin and razor through the config files in /home/postfixfilter If you want to get rid of spam right here at the SMTP level, you can continue with configuring Postfix to reject or discard all spam after SpamAssassin has tagged mail as such. This is accomplished by telling Postfix to check for certain headers and take appropriate action. Add the following option to the /etc/postfix/main.cf file: header_checks = regexp:/etc/postfix/regexp_header Create the /etc/postfix/regexp_header file and add this line to it: /^X-Spam-Flag: YES/ REJECT I don't like spam. I prefer bison. This will cause Postfix to reject all mail that contain the X-Spam-Flag: header with the value of 'YES'. The reject message "I don't like spam. I prefer bison" is optional. If not present the generic message "message content rejected" will be sent back. Check the access(5) man page for options other than REJECT. DISCARD is an often used one which pretends to be a successful delivery and silently discards the message. CHANGELOG: [2003-10-15] * Fix bug in cat command (forgot the > character to redirect to the output file) [2003-10-11] * Completed pre-requisites section. [2003-10-09] * Rewrite to comply with the new hint format guidelines. * Rewrite text to match the current setup on the LFS server. [2003-01-15] * Updated for latest software versions * Using perl daemon for increased performance rather than start the entire perl program for every incoming email. * Removed the spamassassin bug fix from version 1.1 [Unknown date] * Added bugfix for the /usr/lib/perl5/site_perl/5.6.1/Mail/SpamAssassin/PerMsgStatus.pm file [Unknown date] * Initial release.